package com.dbky.alg.app;

import com.dbky.alg.app.authentication.CustomerAuthenticationFailureHandler;
import com.dbky.alg.app.authentication.CustomerAuthenticationSuccessHandler;
import com.dbky.alg.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.dbky.alg.core.properties.AlgSecurityProperties;
import com.dbky.alg.core.properties.SecurityConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * @Auther: tianchao
 * @Date: 2021/12/17 21:33
 * @Description: 资源服务器
 */
@Configuration
@EnableResourceServer
public class AlgResourceServerConfig extends ResourceServerConfigurerAdapter {
    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
    @Autowired
    private AlgSecurityProperties algSecurityProperties;
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                .loginProcessingUrl(SecurityConstants.DEFAULT_SIGN_IN_PROCESSING_URL_FORM)
                .successHandler(customerAuthenticationSuccessHandler())
                .failureHandler(customerAuthenticationFailureHandler());
        http.apply(smsCodeAuthenticationSecurityConfig)
                .and()
                .authorizeRequests().antMatchers(
                "/alg-signIn.html",
                "/authentication/require",
                algSecurityProperties.getBrowser().getLoginPage(),
                "/code/image",
                "/code/sms",
                "/auth/**",
                "/session/invalid",
                "/alg-logout.html"
        ).permitAll()
                .anyRequest().authenticated()
                .and()
                .csrf().disable();
    }

    @Bean
    public CustomerAuthenticationFailureHandler customerAuthenticationFailureHandler(){
        return new CustomerAuthenticationFailureHandler();
    }
    @Bean
    public CustomerAuthenticationSuccessHandler customerAuthenticationSuccessHandler(){
        return new CustomerAuthenticationSuccessHandler();
    }



}
